Main Vulnerability Database SB2025111245

SB2025111245 - Information disclosure in IBM Db2

Published: November 12, 2025

Security Bulletin ID SB2025111245

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Information disclosure (CVE-ID: CVE-2025-36131)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows an attacker with physical access to the system to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. An attacker with physical access to the system can gain unauthorized access to sensitive information.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7250484